/**
 *
 *
 *
 *
 *
 */

package qky.common.config;
import javax.servlet.DispatcherType;

import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

import qky.common.xss.XssFilter;

/**
 * Filter配置
 *
 *
 */
@Configuration
public class FilterConfig {

    @Bean
    public FilterRegistrationBean xssFilterRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setDispatcherTypes(DispatcherType.REQUEST);
        registration.setFilter(new XssFilter());
        registration.addUrlPatterns("/*");
        registration.setName("xssFilter");
        return registration;
    }
    
    @Bean
    public CorsFilter corsFilter() {
      final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
      final CorsConfiguration corsConfiguration = new CorsConfiguration();
      /*是否允许请求带有验证信息*/
      corsConfiguration.setAllowCredentials(true);
      /*允许访问的客户端域名*/
      corsConfiguration.addAllowedOrigin("*");
      /*允许服务端访问的客户端请求头*/
      corsConfiguration.addAllowedHeader("*");
      /*允许访问的方法名,GET POST等*/
      corsConfiguration.addAllowedMethod("*");
      urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
      return new CorsFilter(urlBasedCorsConfigurationSource);
    }
    
}
